commit | feaf15005555a3099c7f22a7e3d16c99ccb40e72 | [log] [tgz] |
---|---|---|
author | Ed Tanous <edtanous@google.com> | Tue Feb 23 08:53:50 2021 -0800 |
committer | Ed Tanous <edtanous@google.com> | Tue Feb 23 13:29:16 2021 -0800 |
tree | 70368fb1f8ba9a069cf4fa7724509309c6515a69 | |
parent | b00dcc27587267e18d3abdee82f1ed7b39744d02 [diff] |
Fix XSS regressions The router has an old sanity check in it to verify that nodes are simple. This is no longer the case, as we can have multiple, overlapping routes between different handlers, so non-simple root nodes are allowed. The commit here broke a couple things. 0260d9d6b252d5fef81a51d4797e27a6893827f4 First, when that route gets injected, the root node is no longer simple, as the first root in the trie can be a complex node. This should be ok, and this commit comments out the check. Also, because the meson node for the option was loaded directly into set10, instead of the boolean equivalent, the XSS feature always gets enabled, regardless of whether or not that's what the user wanted. The fix to this was to simply include a .enabled(), which correctly calls the bool. Tested: Built with insecure-disable-xss set, and observed crash was removed. Tried several routes including /redfish/v1 and observed them working. Signed-off-by: Ed Tanous <edtanous@google.com> Change-Id: Ib9fb55a61796ddbda65b7ee5d2803a5cbd2ae75f
This component attempts to be a "do everything" embedded webserver for openbmc.
At this time, the webserver implements a few interfaces:
BMCWeb is configured by setting -D
flags that correspond to options in bmcweb/meson_options.txt
and then compiling. For example, meson <builddir> -Dkvm=disabled ...
followed by ninja
in build directory. The option names become C++ preprocessor symbols that control which code is compiled into the program.
meson builddir ninja -C builddir
meson builddir -Dbuildtype=minsize -Db_lto=true -Dtests=disabled ninja -C buildir
If any of the dependencies are not found on the host system during configuration, meson automatically gets them via its wrap dependencies mentioned in bmcweb/subprojects
.
meson builddir -Dwrap_mode=nofallback ninja -C builddir
meson builddir -Db_coverage=true -Dtests=enabled ninja coverage -C builddir test
When BMCWeb starts running, it reads persistent configuration data (such as UUID and session data) from a local file. If this is not usable, it generates a new configuration.
When BMCWeb SSL support is enabled and a usable certificate is not found, it will generate a self-sign a certificate before launching the server. The keys are generated by the secp384r1
algorithm. The certificate
C=US, O=OpenBMC, CN=testhost
,SHA-256
algorithm.